Fire Os Security Vulnerabilities and Issues — Fire Os CVE List

Lucene search

AmazonFire Os

12 matches found

CVE•added 2023/05/03 12:16 p.m.•48 views

CVE-2023-1383

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS ...

5.4CVSS4.6AI score0.00056EPSS

CVE•added 2019/02/17 4:29 a.m.•40 views

CVE-2019-7399

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.

7.4CVSS7.4AI score0.0024EPSS

CVE•added 2017/04/10 3:59 a.m.•38 views

CVE-2015-7292

Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.

10CVSS9.8AI score0.00411EPSS

CVE•added 2018/10/16 10:29 p.m.•35 views

CVE-2018-11019

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2018/10/16 10:29 p.m.•35 views

CVE-2018-11023

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2018/10/16 10:29 p.m.•33 views

CVE-2018-11021

kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2018/10/16 10:29 p.m.•33 views

CVE-2018-11025

kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash.

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2018/10/16 10:29 p.m.•31 views

CVE-2018-11024

kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash.

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2018/10/16 10:29 p.m.•30 views

CVE-2018-11022

7.8CVSS7.4AI score0.0401EPSS

CVE•added 2023/05/03 1:15 p.m.•30 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS versions prior to 7.6.3.3.

6.1CVSS6.4AI score0.00153EPSS

CVE•added 2023/05/03 1:15 p.m.•30 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.Insignia TV with FireOS 7.6.3...

8.8CVSS8.6AI score0.0004EPSS

CVE•added 2018/10/16 10:29 p.m.•28 views

CVE-2018-11020

kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash.

4.9CVSS4.7AI score0.0187EPSS